From 9db828ffd4f663f442a737acdd5352c7e89bc54d Mon Sep 17 00:00:00 2001
From: Kenneth Jenkins <51246568+kenjenkins@users.noreply.github.com>
Date: Wed, 6 Dec 2023 17:14:20 -0800
Subject: [PATCH] authenticateflow: move logAuthenticateEvent (#4821)

Move the Stateless.logAuthenticateEvent() method into the main stateless.go file. (This was in events.go temporarily so that Git would track the file history as a rename from authenticate/events.go.)
---
 internal/authenticateflow/events.go | 49 --------------------------
 internal/authenticateflow/stateless.go | 39 ++++++++++++++++++++
 2 files changed, 39 insertions(+), 49 deletions(-)

diff --git a/internal/authenticateflow/events.go b/internal/authenticateflow/events.go
index 9a9f1cd4f..ca261e008 100644
--- a/internal/authenticateflow/events.go
+++ b/internal/authenticateflow/events.go
@@ -2,14 +2,6 @@ package authenticateflow
 
 import (
 "context"
- "net/http"
- "net/url"
-
- "github.com/pomerium/pomerium/internal/httputil"
- "github.com/pomerium/pomerium/internal/log"
- "github.com/pomerium/pomerium/internal/urlutil"
- identitypb "github.com/pomerium/pomerium/pkg/grpc/identity"
- "github.com/pomerium/pomerium/pkg/hpke"
 )
 
 // AuthEventKind is the type of an authentication event
@@ -44,44 +36,3 @@ type AuthEvent struct {
 
 // AuthEventFn is a function that handles an authentication event
 type AuthEventFn func(context.Context, AuthEvent)
-
-// TODO: move into stateless.go; this is here for now just so that Git will
-// track the file history as a rename from authenticate/events.go.
-func (s *Stateless) logAuthenticateEvent(r *http.Request, profile *identitypb.Profile) {
- if s.authEventFn == nil {
- return
- }
-
- ctx := r.Context()
- pub, params, err := hpke.DecryptURLValues(s.hpkePrivateKey, r.Form)
- if err != nil {
- log.Warn(ctx).Err(err).Msg("log authenticate event: failed to decrypt request params")
- }
-
- evt := AuthEvent{
- IP: httputil.GetClientIP(r),
- Version: params.Get(urlutil.QueryVersion),
- RequestUUID: params.Get(urlutil.QueryRequestUUID),
- PubKey: pub.String(),
- }
-
- if uid := getUserClaim(profile, "sub"); uid != nil {
- evt.UID = uid
- }
- if email := getUserClaim(profile, "email"); email != nil {
- evt.Email = email
- }
-
- if evt.UID != nil {
- evt.Event = AuthEventSignInComplete
- } else {
- evt.Event = AuthEventSignInRequest
- }
-
- if redirectURL, err := url.Parse(params.Get(urlutil.QueryRedirectURI)); err == nil {
- domain := redirectURL.Hostname()
- evt.Domain = &domain
- }
-
- s.authEventFn(ctx, evt)
-}
diff --git a/internal/authenticateflow/stateless.go b/internal/authenticateflow/stateless.go
index 48e567eb5..e5b429faf 100644
--- a/internal/authenticateflow/stateless.go
+++ b/internal/authenticateflow/stateless.go
@@ -284,6 +284,45 @@ func (s *Stateless) LogAuthenticateEvent(r *http.Request) {
 s.logAuthenticateEvent(r, nil)
 }
 
+func (s *Stateless) logAuthenticateEvent(r *http.Request, profile *identitypb.Profile) {
+ if s.authEventFn == nil {
+ return
+ }
+
+ ctx := r.Context()
+ pub, params, err := hpke.DecryptURLValues(s.hpkePrivateKey, r.Form)
+ if err != nil {
+ log.Warn(ctx).Err(err).Msg("log authenticate event: failed to decrypt request params")
+ }
+
+ evt := AuthEvent{
+ IP: httputil.GetClientIP(r),
+ Version: params.Get(urlutil.QueryVersion),
+ RequestUUID: params.Get(urlutil.QueryRequestUUID),
+ PubKey: pub.String(),
+ }
+
+ if uid := getUserClaim(profile, "sub"); uid != nil {
+ evt.UID = uid
+ }
+ if email := getUserClaim(profile, "email"); email != nil {
+ evt.Email = email
+ }
+
+ if evt.UID != nil {
+ evt.Event = AuthEventSignInComplete
+ } else {
+ evt.Event = AuthEventSignInRequest
+ }
+
+ if redirectURL, err := url.Parse(params.Get(urlutil.QueryRedirectURI)); err == nil {
+ domain := redirectURL.Hostname()
+ evt.Domain = &domain
+ }
+
+ s.authEventFn(ctx, evt)
+}
+
 func getUserClaim(profile *identitypb.Profile, field string) *string {
 if profile == nil {
 return nil
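Review bot: In `logAuthenticateEvent`, a failed `hpke.DecryptURLValues` is only logged, and the function then goes on to read `params` and call `pub.String()`. What `pub` and `params` hold on error is not visible in this hunk; if `pub` can be nil there, `pub.String()` is only safe when that method tolerates a nil receiver, and either way the audit event is emitted with empty Version, RequestUUID and Domain. If a partially filled event is intended for undecryptable requests, a comment in the `if err != nil` block such as `// still emit the event (with empty fields) so failed requests are recorded` would make that explicit; otherwise add `return` after the warning. The moved method also has no doc comment now that the TODO is gone; `// logAuthenticateEvent reports a sign-in request or completion to s.authEventFn, if one is set.` would do.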